CONFIDENTIALITY CHARTER
Gymglish, May 24, 2018  v4.0

INTRODUCTION

The A9 Company (hereafter referred to as "The Company"), an SAS with a capital of 81,382 euros, is registered with the Registry of Trades and Companies of Paris under RCS Paris B 451 911 812. Its headquarters are located at 16A Boulevard de Reuilly, 75012 Paris, France - email address: support@gymglish.com. Its EEC VAT number is FR10451911812. The Company primarily provides online training services. The Company’s website publication manager is Benjamin Levy.

The Company places great importance upon the security of personal data and commits to ensure its protection under European and French standards relating to the processing of this data.

Explanatory comments in the right-hand column of this document have no binding legal value; they serve only to facilitate the overall comprehension of the document, re-written in simpler terms.

1 UPDATES

The Company reserves the right to amend this document at any time.

If applicable, the revision number and date located at the top of this document will identify the version.

Each update will be published on our Site. Any changes will take effect upon said publication.

By continuing to use the Site, the Services and/or Applications, or by accessing them after an update of our terms, you acknowledge and accept all of the modifications therein.

For translations, the reference document for interpretation shall be the original French, whose latest applicable version is available at the following address: https://www.gymglish.com/documents/privacy-policy-fr-latest.pdf

2 DEFINITIONS

Activation refers to The start date of the Subscription.

Application or mobile Application refers to a program designed and/or produced by the Company that is downloadable and executable from the operating system of a smartphone or tablet.

Client refers to an adult and able person or company who either accepts the Listing of a Seller on the Marketplace or purchases a Subscription on his own account, or on behalf of one or more User(s).

Course refers to all of the Lessons completed by and tailored to each User.

Lesson refers to the content of the lesson, the content of the corrections and the content of any supplementary corrections tailored to each User.

Listings refers to the service offer(s) proposed directly by a Seller to other Users via the Marketplace.

Marketplace refers to a dedicated space on the Site allowing for Listings by Sellers to be posted and viewed by the Users.

Provision refers to service offered directly to the User by a Seller through a Listing on the Marketplace.

Product refers to one of the Gymglish, Frantastique or Rich Morning Show offers, whether on the Application or on the Site.

Seller refers to an adult and able person or company who uses the Marketplace and posts Listings viewable by Users.

Service refers to the design, production, delivery and correction of personalized Lessons provided by the Company.

Site refers to the set of web pages managed by the Company, including gymglish.com, gymglish.fr, frantastique.com, frantastique.fr, richmorning.com.

Subscription refers to placing the Service at a User’s disposal for a fixed price and duration, regardless of the number of Lessons completed by the User.

Test refers to the testing of the Service, proposed free of charge to the User for a limited period of time.

”User” or ”You” or ”They” refers either to someone who has created an account on the Marketplace, or a person who uses the Service. Each User may subscribe to one or more Course.

3 LEGAL CONTEXT

The Company commits to keep its legal obligations in terms of respecting personal data in France, the country in which it has its headquarters, namely:

The processing of personal data implemented by the Company is subject to a declaration to the CNIL (declaration No. 1276610/0-A9) and the hosting of this data is in Europe.

4 WHAT TYPE OF PERSONAL DATA THE COMPANY COLLECTS

4.1 Data disclosed by the User or Client

We receive, retain and process information that the User or Client provides whenever they access our Services or use them, for instance, whenever:

4.2 Contact origin data

Whenever the User or Client signs up for a Test, purchases the Service of the Company or creates an account on the Marketplace through a partner site (hereafter referred to as ”the Partner”) or through a commercial link, the Company shall retain the information concerning the contact’s origin.

4.3 Connection data

The Company shall also receive, retain and process:

4.4 Cookies

The Company uses cookies and other similar technologies (hereafter referred to as ”Cookies”). The Company uses its own Cookies, either in order to allow for the technical functioning of the Service or Site (for example, to remember a visitor’s preferred language on the Site), or to identify the User or Client (for example, after a login to "My Account" or to the store). Cookies from third-party companies (for example, from partners or service providers) may also be installed when browsing the Site or when using the Services. In this case, the Company shall ensure that these third-party companies, unless approved by the person concerned, will strictly respect the Information and Freedoms Law mentioned above and shall commit to implement the appropriate security and protection measures for the confidentiality of the data.

It is possible to configure your browser to refuse the placement of the Company’s Cookies; such a modification therefore may alter the functionality of the Company’s Site and Services. However, refusing the placement of Cookies from third-party companies should have no effect on the functionalities of the Company’s Site or Services.

4.4.1 GOOGLE ANALYTICS

The Company uses Google Analytics, a website analysis service provided by Google that uses Cookies when accessing our Sites and Services. Google details how it uses the data collected at the following address:

https://www.google.com/policies/privacy/partners/

You can disable Google Analytics .

4.5 Social networks

The Company may authorize the use of third-party social plugins ("social plugins" refers, for example, to Facebook’s "like" button or Twitter’s "share" button, etc.). If a User or Client is connected to their third-party account, this third party may access information relating to the Company’s Services (for example, Users may share the score of one of their Lessons with their social network). The third-party personal data protection charter will provide more information about its practices in terms of data, especially about the data it collects and how it uses it.

4.6 Referred friends data

Users or Clients may send their contacts, especially by sending an email or by copying a personalized link on social networks, an invitation to try out the Service. The person accepting the invitation shall then be considered as a member of the "Referred friends". The Company shall apply the same respect for personal data for Referred friends as that belonging to Users.

5 OPT-IN AND COMMUNICATING WITH THE COMPANY

5.1 Emails

Opt-ins are agreements by Users or Clients prior to sending commercial communications (for example, to receive promotional emails) from the Company or from a third-party Partner. The Company commits to respecting opt-ins affecting it and allowing the activation or refusal of these communications in the "My Account" section of the Products.

Whenever the User or Client is signed up through a Partner, opt-ins affecting this Partner shall be managed, operated and updated by the Partner.

5.2 Notifications

It is possible to configure notifications sent by the mobile Application in the settings section of the Application and/or in the device settings.

6 PROCESSING PERSONAL DATA

6.1 Principles

The Company mainly uses personal data in order to be able to offer its Services. The Company commits not to sell Users’ personal data. The Company also commits to never disclose personal data collected, namely email addresses and photographs if provided, except:

The Company shall ensure that these Partners strictly follow the Information and Freedoms Law mentioned above and shall commit to implement the appropriate measures of security and protection of confidentiality of the data sent to them.

6.2 Outsourced processing

The Company informs its Users and Clients that processes listed below require personal data sharing. They are outsourced, only for the reasons indicated, to providers who are themselves GDPR compliant.

7 HOW LONG THE COMPANY RETAINS PERSONAL DATA

Personal data is stored and retained for the duration necessary to complete the purposes for which they are collected, under applicable law. Thus, financial and educational data is retained indefinitely. This will allow the Service to be resumed after a possible interruption, even a long one. The Company also commits that:

8 HOW TO ACCESS PERSONAL DATA

The law gives all Users, Clients and all Referred friends the right to access, correct, delete and revoke consent to processing of their personal data. Modifying personal data (last name, first name, country, email address) belonging to the User or Clients may be performed in the "My Account" section. It is also possible to access your personal data at any time, to modify it or delete it by writing to the following address: A9 SAS - Service des données personnelles, 16A boulevard de Reuilly -75012 Paris.

9 SECURITY

The Company is particularly careful about payment data security.

Payments are managed and secured by certified PCI DSS suppliers using SSL technology (Secure Socket Layer) for encrypting payment information during transactions over the network. This ensures the safety and confidentiality of payment information.

The Company never keeps the credit card information of its Clients.

10 HOST

The host of the Company is Rackspace Ltd., 5 Millington Road, Hyde Park Hayes, Middlesex, UB3 4AZ, Great Britain. The company Rackspace is certified ISO 27002, ISO 27001, PCI-DSS, SAS 70 Type II Privacy Shield and Safe Harbor. Rackspace can be reached by phone on +44 20 3131 6381.